[CNET News.com]
is reporting Flaw found in older Office versions.
“A security company warned Thursday that a flaw in Microsoft Office could allow a denial-of-service attack to be executed on systems running somewhat older versions of the popular productivity suite.
Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user’s system. The company rated the flaw as “highly critical.”
The security firm said that vulnerability is caused by an error in the way Microsoft Word manages input when parsing document files. It said the flaw could be exploited through a specially-crafted document and recommends that, until a fix is found, users only open trusted Word documents. “
Reminder: only open trusted attachments. Reminder 2: there are no trusted attachments.
Never open a document you are not expecting. Confirm all unexpected documents with the sender before opening.
Better yet, send documents as text or RTF if the recipient really doesn’t need all the features of a word processing document.
I wonder how OpenOffice.org would work with one of these broken documents…